github microsoft/msticpy v0.8.5
Authentication, Mordor and VirusTotal v3 API

3 years ago

This release includes several new features:

  • Support for VirusTotal v3 API
  • Streamlined authentication for Azure using chained authentication
  • Azure Sentinel API support
  • Mordor data provider and data browser

New Features

  • VirusTotal V3 API support (#97 and #106)
    The VirusTotal team contributed a new module that gives access to the latest version of their API. This
    includes building of relationships between malicious items and viewing the relationship graph.
    (thanks to Andres Ramirez/@aramirezmartin and Juan Infantes at VirusTotal!).
    See the VirusTotal V3 notebook
    To use this feature you will need to install msticpy with the "vt3" extra
    pip install msticpy[vt3]
  • Azure Authentication (#109)
    We previously had several mechanisms to authenticate to Azure components, mainly Key Vault and the Azure Data module.
    This caused unnecessary authentications. These now use a single mechanism and can also piggy-back on existing Azure CLI
    and Managed Service Identity (MSI) credentials. For example, if you have run az login from Azure CLI before launching
    your notebook the credentials from Azure CLI will be used to fetch the required authentication token for other
    Azure modules in MSTICPy. Note: this does not yet include Kqlmagic but we hope to have that in the next release.
    To see this working, check out the AzureSentinel API notebook link below.
  • Azure Sentinel API Support (#109)
    This release includes initial support for Azure Sentinel APIs to retrieve Azure Sentinel Workspaces, Alert Rules,
    Hunting Queries and Hunting bookmarks (more to follow in a later release).
    See the Azure Sentinel API notebook
  • Mordor data (#108)
    Mordor is an open source data repository of logs illustrating different kinds
    of adversary behavior, referenced to the MITRE ATT&CK framework. The MSTICPy
    Mordor package includes a notebook browser to search through and display the data sets and a data provider
    allowing you to download datasets into pandas DataFrames to use in your notebooks.
    See the Mordor Data notebook
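The Azure Authentication item above describes one credential chain shared by the Azure modules, falling back from one source (Azure CLI, MSI) to the next and reusing the result so no module triggers a second login. The following is an added illustration of that pattern, not msticpy's own code and not the azure-identity library: the credential classes are offline stubs, and the class names, the chain order (Managed Identity tried before Azure CLI) and the token cache are assumptions made for the example.

```python
"""Chained-credential pattern: try each source in order, cache the result.

Added example, not msticpy's or azure-identity's code. StubCredential stands
in for a real credential class; ChainedCredential models the fallback and
the single shared token that the Azure modules can reuse.
"""
from dataclasses import dataclass
from typing import Dict, Optional


class CredentialUnavailable(Exception):
    """Raised by a credential source that cannot supply a token."""


@dataclass
class AccessToken:
    token: str
    source: str


@dataclass
class StubCredential:
    """Hypothetical stand-in for AzureCliCredential / ManagedIdentityCredential."""
    name: str
    token: Optional[str] = None   # None means this source has no cached login
    calls: int = 0                # how many times the source was asked

    def get_token(self, scope: str) -> AccessToken:
        self.calls += 1
        if self.token is None:
            raise CredentialUnavailable(f"{self.name}: no cached login")
        return AccessToken(token=f"{self.token}:{scope}", source=self.name)


class ChainedCredential:
    """Try each credential in order; the first one that succeeds wins.

    Tokens are cached per scope so that several consumers (Key Vault, the
    Azure Data module, the Sentinel API) sharing one chain object do not
    each trigger a fresh login.
    """

    def __init__(self, *credentials: StubCredential):
        self._credentials = list(credentials)
        self._cache: Dict[str, AccessToken] = {}

    def get_token(self, scope: str) -> AccessToken:
        if scope in self._cache:
            return self._cache[scope]
        errors = []
        for cred in self._credentials:
            try:
                token = cred.get_token(scope)
            except CredentialUnavailable as err:
                errors.append(str(err))   # fall through to the next source
                continue
            self._cache[scope] = token
            return token
        raise CredentialUnavailable("all sources failed: " + "; ".join(errors))


def demo() -> dict:
    """Constructed scenario: a laptop notebook (no MSI endpoint) after `az login`."""
    msi = StubCredential("ManagedIdentity")                # unavailable here
    cli = StubCredential("AzureCli", token="cli-token")    # cached az login
    chain = ChainedCredential(msi, cli)
    scope = "https://management.azure.com/.default"
    first = chain.get_token(scope)    # MSI fails, CLI token is used
    second = chain.get_token(scope)   # served from the cache, no new login
    return {
        "source": first.source,
        "msi_calls": msi.calls,
        "cli_calls": cli.calls,
        "cached": first is second,
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the demo is the call counts: each underlying source is asked once, and the second consumer of the same scope gets the cached token, which is the "no unnecessary authentications" behaviour the release note describes. When no source can supply a token the chain raises with the reasons from every source, which is the message to surface to the notebook user rather than silently retrying.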

Experimental Features

  • Split queries by time period (#110)
    This allows you to split a very large or long-running query into subsets by time interval (e.g. 1 day, 1 hour, etc.).
    The DataProvider data queries now accept a split_query_by option to split queries by time period. The time period
    follows the pandas Timedelta syntax e.g. "1D", "6H". The query is divided, each piece run sequentially and the results
    re-assembled into a single DataFrame.

Fixes

1bce3f3  Bug fix and nasty workaround for old test setup removed in pkg_config.py
0a21b59  Updating pre-commit version for black
36d2539  Updated formatting for new black version
7897cb9  Moving VT3 dependencies to extras. (#111)
